Checking a signed file

Use the following procedure to check a signed file. The file must have the .p7f or .p7m file extension.

1. In Windows Explorer, double-click or right-click on the desired file and select Send to > Stormshield Data Sign from the pop-up menu. The signature book window automatically opens and the file is dropped in it.

   NOTE
   If the signature book window is already open, you can also drag and drop the desired file in the signature book window.

2. Right-click on the file to select Signatures from the pop-up menu. The signer's certificate then appears, as shown below. Only the primary level of signatures is displayed. It includes the signature, co-signature(s) and counter-signature(s), if any. The second level of signatures, i.e. the over-signature(s), is not shown.

   

   If you click on Certificates attached, Stormshield Data Sign displays the certificates attached to the file when it was signed. These certificates cannot be considered reliable and must be checked with your trusted address book or the LDAP directory.

3. Right-click on a signature and select Signature properties from the context-sensitive menu. The following window opens:

   

4. Click on Detail to display the signer’s certificate:

   

   Stormshield Data Sign verifies:

   • The file content and signature authenticity: Stormshield Data Sign verifies the signature and gets the original document fingerprint. Then Stormshield Data Sign calculates the document fingerprint of the signed document and compares it to the original document fingerprint. If they are the same, this means that the signed document has not been altered and Stormshield Data Sign guarantees its authenticity.
   • The signature certificate validity: Stormshield Data Sign checks the validity of the certificate which guarantees the authenticity of the signer. When there are multiple signatures, each individual signature is checked: all of the certificates needed to validate the digital signatures are verified.

In order to validate the certificate, Stormshield Data Sign uses the most recent Control Revocation List (CRL). As the CRLs are regularly updated, the result of the verification may be different each time you request a verification.

Click on Import to import user certificates into your trusted address book.

Click Refresh to dynamically update the signature information with new data including new certificates or CRL input.

When the verification is complete, Stormshield Data Sign displays, next to the icon of the checked file, an icon that shows the result:

 

The signature is correct and the signer’s certificate is valid.

An anomaly was found.

A serious error was found.